View Active Process List
The Active Process List interface displays all currently active processes initiated by applications that are currently running in the sandbox environment . By tracing an application's parent process, CIS can detect whether a non-trusted application is attempting to spawn an already trusted application and thus deny access rights for that trusted application. This system provides the very highest protection against Trojans, malware and rootkits that try to use trusted software to launch an attack. By default, the list displays the processes of sandboxed applications only, but can be made to display all the processes from the right-click options.
The processes of sandboxed applications include:
-
Auto-Sandbox - Unrecognized applications are run inside the auto sandbox with access restriction as selected in the 'Auto-sandbox unknown applications as' drop down in Behavior Blocker.
-
Run Virtual - Applications that are selected and run in Sandbox. Refer to 'Run an Application in the Sandbox' for more details.
-
Applications that are run inside the sandbox using the context sensitive menu - Click here for more details.
-
Running browsers inside the sandbox from the Widget - Click here for more details.
-
Drag-and-drop applications on to CIS Home Screen - Click here for more details.
-
Programs that are added manually - Refer to the section 'Configure the Sandbox' for more details.
To view Active Process list
-
Click the first box in the third row in the CIS Widget.
- Alternatively, the screen can be accessed by clicking the number beside 'Sandboxed Apps' in the Advanced View of the Home screen in the Defense+ and Sandbox pane.
Column Descriptions
-
Application – Displays the names of applications that are currently running.
-
PID – Process Identification Number.
-
Company – Displays the name of the software developer.
-
User Name – The name of the user that started the process.
-
Restriction – Displays the level of sandbox setting selected for the program.
-
Rating – Displays the rating of the application whether trusted or unknown.
Right-click on any process to:
-
Show full path: Displays the location of the the executable in addition to it's name.
-
Show Sandboxed Only: Displays the details of the sandboxed programs only. Disable this option to view all the current active process list.
-
Add to Trusted Files: The selected unknown program is added to Trusted Files list.
-
Online Lookup: The selected program is compared with the Comodo database of programs and results declared whether it is safe or not.
-
Submit: The selected application will be sent to Comodo for analysis.
Clicking the 'More' button at the bottom of the screen will open the Comodo KillSwitch application – an advanced system monitoring tool that allows users to quickly identify, monitor and terminate any unsafe processes that are running on your system.
If KillSwitch is not yet installed, clicking this button will prompt you to download the application. Refer to the section Identify and Kill Unsafe Processes for more details.